Tenable

Nessus

73 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.3%
  • Veröffentlicht 25.06.2026 13:47:27
  • Zuletzt bearbeitet 26.06.2026 16:48:57

A SQL injection vulnerability in Nessus allows an attacker to craft a malicious scan result file that, when imported by a privileged user, injects malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data.

  • EPSS 0.34%
  • Veröffentlicht 25.06.2026 13:47:27
  • Zuletzt bearbeitet 26.06.2026 16:47:41

A SQL injection vulnerability in Nessus allows a remote, unauthenticated attacker who controls reverse DNS records for a scanned host to inject malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data.

Medienbericht
  • EPSS 0.15%
  • Veröffentlicht 23.04.2026 18:09:41
  • Zuletzt bearbeitet 24.04.2026 14:50:56

This vulnerability allows an attacker to create a junction, enabling the deletion of arbitrary files with SYSTEM privileges. As a result, this condition potentially facilitates arbitrary code execution, whereby an attacker may exploit the vulnerabili...

Medienbericht
  • EPSS 0.18%
  • Veröffentlicht 01.07.2025 23:11:13
  • Zuletzt bearbeitet 15.10.2025 19:52:46

In Tenable Nessus versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege.

  • EPSS 0.26%
  • Veröffentlicht 18.04.2025 19:17:30
  • Zuletzt bearbeitet 15.04.2026 00:35:42

In Nessus versions prior to 10.8.4, a non-authenticated attacker could alter Nessus logging entries by manipulating http requests to the application.

  • EPSS 0.14%
  • Veröffentlicht 18.04.2025 18:18:02
  • Zuletzt bearbeitet 15.04.2026 00:35:42

When installing Nessus to a non-default location on a Windows host, Nessus versions prior to 10.8.4 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in th...

  • EPSS 0.18%
  • Veröffentlicht 17.05.2024 17:15:07
  • Zuletzt bearbeitet 15.04.2026 00:35:42

A race condition vulnerability exists where an authenticated, local attacker on a Windows Nessus host could modify installation parameters at installation time, which could lead to the execution of arbitrary code on the Nessus host

  • EPSS 0.19%
  • Veröffentlicht 17.05.2024 17:15:07
  • Zuletzt bearbeitet 15.04.2026 00:35:42

When installing Nessus to a directory outside of the default location on a Windows host, Nessus versions prior to 10.7.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured ...

  • EPSS 0.2%
  • Veröffentlicht 18.03.2024 16:15:09
  • Zuletzt bearbeitet 15.04.2026 00:35:42

As a part of Tenable’s vulnerability disclosure program, a vulnerability in a Nessus plugin was identified and reported. This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific fi...

  • EPSS 0.78%
  • Veröffentlicht 07.02.2024 00:15:55
  • Zuletzt bearbeitet 21.11.2024 08:47:55

A SQL injection vulnerability exists where an authenticated, low-privileged remote attacker could potentially alter scan DB content.